toplogo
Resources
Sign In

Efficient and Confidentiality-Preserving Graph Search Scheme Leveraging SGX


Core Concepts
SecGraph is an SGX-based efficient and confidentiality-preserving graph search scheme that supports encrypted search over dynamic graphs. It reduces communication and computation costs compared to the state-of-the-art scheme PeGraph.
Abstract
The paper proposes SecGraph, an SGX-based efficient and confidentiality-preserving graph search scheme. The key highlights are: SecGraph uses a proxy-token generation method to reduce the communication cost of search operations by leveraging the trusted computing power of SGX. This avoids the need for two search roundtrips between the client and server required by the prior PeGraph scheme. SecGraph employs an LDCF-encoded XSet data structure to transform the expensive exponentiation modulo operations in PeGraph into efficient membership checks within the storage-constrained SGX enclave, reducing the computation cost. SecGraph introduces a new dynamic version of TSet called Twin-TSet to enable encrypted search over dynamic graphs, which PeGraph cannot support. The paper also presents two optimized schemes, SecGraph-G and SecGraph-P, that further improve performance through fingerprint grouping and parallel membership checking, respectively. Security analysis shows that SecGraph achieves confidentiality preservation, forward security, and Type-III backward security. Experimental results demonstrate that SecGraph, SecGraph-G, and SecGraph-P yield up to 208x, 572x, and 3,331x improvements in search time compared to PeGraph. The communication cost in PeGraph is also up to 540x larger than that in SecGraph.
Stats
SecGraph yields up to 208x improvement in search time compared with PeGraph. The communication cost in PeGraph is up to 540x larger than that in SecGraph.
Quotes
None

Key Insights Distilled From

by Qiuhao Wang,... at arxiv.org 03-29-2024

https://arxiv.org/pdf/2403.19531.pdf
SecGraph

Deeper Inquiries

How can SecGraph be extended to support more complex graph search operations beyond conjunctive search

SecGraph can be extended to support more complex graph search operations beyond conjunctive search by incorporating additional functionalities and algorithms. One way to achieve this is by integrating advanced graph algorithms such as graph traversal algorithms (e.g., breadth-first search, depth-first search) to enable more sophisticated search capabilities. Additionally, incorporating graph clustering algorithms can help in identifying communities or clusters within the graph, allowing for more targeted and specific search operations. Furthermore, integrating graph similarity algorithms can enable users to find similar subgraphs or patterns within the graph, enhancing the search experience.

What are the potential limitations or drawbacks of relying on SGX for the trusted computing base in SecGraph

While SGX provides a secure enclave for executing sensitive operations and protecting data, there are potential limitations and drawbacks to relying solely on SGX for the trusted computing base in SecGraph. One limitation is the reliance on hardware-based security, which can be vulnerable to side-channel attacks and hardware-level vulnerabilities. Additionally, SGX has limitations in terms of enclave size and memory constraints, which can impact the scalability and performance of the system. Furthermore, SGX technology is proprietary to Intel, which may limit portability and interoperability with other hardware platforms.

How can the techniques used in SecGraph be applied to enable secure and efficient search over other types of structured data beyond graphs

The techniques used in SecGraph can be applied to enable secure and efficient search over other types of structured data beyond graphs by adapting the data structures and algorithms to suit the specific characteristics of the data. For example, for structured data like relational databases, the concept of encrypted search tokens and membership checks can be applied to enable secure search operations. Similarly, for XML data, the use of compact data structures like the Logarithmic Dynamic Cuckoo Filter (LDCF) can help in reducing computation costs and improving search efficiency. By customizing the implementation to the specific data model, the techniques used in SecGraph can be extended to various types of structured data for confidentiality-preserving search operations.
0